From: Beau Belgrave <beaub@linux.microsoft.com>
To: rostedt@goodmis.org
Cc: keescook@chromium.org, linux-trace-devel@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
beaub@linux.microsoft.com
Subject: [PATCH] user_events: Add trace event call as root for low permission cases
Date: Tue, 8 Mar 2022 14:28:07 -0800 [thread overview]
Message-ID: <20220308222807.2040-1-beaub@linux.microsoft.com> (raw)
Tracefs by default is locked down heavily. System operators can open up
some files, such as user_events to a broader set of users. These users
do not have access within tracefs beyond just the user_event files. Due
to this restriction the trace_add_event_call/remove calls will silently
fail since the caller does not have permissions to create directories.
To fix this trace_add_event_call/remove calls will be issued with
override creds of the global root UID. Creds are reverted immediately
afterward.
Signed-off-by: Beau Belgrave <beaub@linux.microsoft.com>
---
kernel/trace/trace_events_user.c | 39 ++++++++++++++++++++++++++++++--
1 file changed, 37 insertions(+), 2 deletions(-)
diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c
index 2b5e9fdb63a0..7dfa83ff2466 100644
--- a/kernel/trace/trace_events_user.c
+++ b/kernel/trace/trace_events_user.c
@@ -557,6 +557,41 @@ static struct trace_event_functions user_event_funcs = {
.trace = user_event_print_trace,
};
+static int user_event_set_call_visible(struct user_event *user, bool visible)
+{
+ int ret;
+ const struct cred *old_cred;
+ struct cred *cred;
+
+ cred = prepare_creds();
+
+ if (!cred)
+ return -ENOMEM;
+
+ /*
+ * While by default tracefs is locked down, systems can be configured
+ * to allow user_event files to be less locked down. The extreme case
+ * being "other" has read/write access to user_events_data/status.
+ *
+ * When not locked down, processes may not have have permissions to
+ * add/remove calls themselves to tracefs. We need to temporarily
+ * switch to root file permission to allow for this scenario.
+ */
+ cred->fsuid = GLOBAL_ROOT_UID;
+
+ old_cred = override_creds(cred);
+
+ if (visible)
+ ret = trace_add_event_call(&user->call);
+ else
+ ret = trace_remove_event_call(&user->call);
+
+ revert_creds(old_cred);
+ put_cred(cred);
+
+ return ret;
+}
+
static int destroy_user_event(struct user_event *user)
{
int ret = 0;
@@ -564,7 +599,7 @@ static int destroy_user_event(struct user_event *user)
/* Must destroy fields before call removal */
user_event_destroy_fields(user);
- ret = trace_remove_event_call(&user->call);
+ ret = user_event_set_call_visible(user, false);
if (ret)
return ret;
@@ -1037,7 +1072,7 @@ static int user_event_trace_register(struct user_event *user)
if (!ret)
return -ENODEV;
- ret = trace_add_event_call(&user->call);
+ ret = user_event_set_call_visible(user, true);
if (ret)
unregister_trace_event(&user->call.event);
base-commit: 864ea0e10cc90416a01b46f0d47a6f26dc020820
--
2.17.1
reply other threads:[~2022-03-08 22:28 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220308222807.2040-1-beaub@linux.microsoft.com \
--to=beaub@linux.microsoft.com \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-trace-devel@vger.kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.